android签名已存在的apk
使用uber-apk-signer.jar
使用 google 的新apk签名工具 uber-apk-signer。uber-apk-signer是一个 cli 工具,支持v1、v2和v3的Android签名方案。下载最新uber-apk-signer.jar
用法如下:
-a,--apks <file/folder> Can be a single apk or a folder containing multiple apks. These are used
as source for zipalining/signing/verifying. It is also possible to
provide multiple locations space seperated (can be mixed file folder):
'/apk /apks2 my.apk'. Folder will be checked non-recursively.
--allowResign If this flag is set, the tool will not show error on signed apks, but
will sign them with the new certificate (therefore removing the old
one).
--debug Prints additional info for debugging.
--dryRun Check what apks would be processed without actually doing anything.
-h,--help Prints help docs.
--ks <keystore> The keystore file. If this isn't provided, will tryto sign with a debug
keystore. The debug keystore will be searched in the same dir as
execution and 'user_home/.android' folder. If it is not found there a
built-in keystore will be used for convenience. It is possible to pass
one or multiple keystores. The syntax for multiple params is
'<index>=<keystore>' for example: '1=keystore.jks'. Must match the
parameters of --ksAlias.
--ksAlias <alias> The alias of the used key in the keystore. Must be provided if --ks is
provided. It is possible to pass one or multiple aliases for multiple
keystore configs. The syntax for multiple params is '<index>=<alias>'
for example: '1=my-alias'. Must match the parameters of --ks.
--ksDebug <keystore> Same as --ks parameter but with a debug keystore. With this option the
default keystore alias and passwords are used and any arguments relating
to these parameter are ignored.
--ksKeyPass <password> The password for the key. If this is not provided, caller will get a
user prompt to enter it. It is possible to pass one or multiple
passwords for multiple keystore configs. The syntax for multiple params
is '<index>=<password>'. Must match the parameters of --ks.
--ksPass <password> The password for the keystore. If this is not provided, caller will get
a user prompt to enter it. It is possible to pass one or multiple
passwords for multiple keystore configs. The syntax for multiple params
is '<index>=<password>'. Must match the parameters of --ks.
-l,--lineage <path> The lineage file for apk signer schema v3 if more then 1 signature is
used. See here https://bit.ly/2mh6iAC for more info.
-o,--out <path> Where the aligned/signed apks will be copied to. Must be a folder. Will
create, if it does not exist.
--overwrite Will overwrite/delete the apks in-place
--skipZipAlign Skips zipAlign process. Also affects verify.
-v,--version Prints current version.
--verbose Prints more output, especially useful for sign verify.
--verifySha256 <cert-sha256> Provide one or multiple sha256 in string hex representation (ignoring
case) to let the tool check it against hashes of the APK's certificate
and use it in the verify process. All given hashes must be present in
the signature to verify e.g. if 2 hashes are given the apk must have 2
signatures with exact these hashes (providing only one hash, even if it
matches one cert, will fail).
-y,--onlyVerify If this is passed, the signature and alignment is only verified.
--zipAlignPath <path> Pass your own zipalign executable. If this is omitted the built-in
version is used (available for win, mac and linux)对已有apk进行签名,并且对apk进行zipalign对齐(zipalign优化可以帮助操作系统更高效率地根据请求索引资源)优化。可以运行
java -jar uber-apk-signer.jar -a #app-release.apk# --ks #keystore.jks# --ksAlias #alias# --ksKeyPass #keyPass# --ksPass #keystorePass#其中 #app-release.apk# 是apk的路径,#keystore.jks# 是签名文件,#alias# 是秘钥的别名,#keyPass# 是秘钥的密码,#keystorePass# 是keystore的密码。
运行之后,生成了app-release-aligned-signed.apk。
$ ls
app-release-aligned-signed.apk app-release.apkjarsigner验证
jarsigner是jdk下的一个工具,一般在 %JAVA_HOME%/bin 目录下。
验证签名apk命令:
jarsigner -verify -verbose app-release_legu-aligned-signed.apk